WebCopilot:一个枚举子域的自动化工具

介绍

WebCopilot是一种自动化工具,旨在枚举目标的子域并使用不同的开源工具检测错误。

该脚本首先使用 assetfinder、sublister、subfinder、amass、findomain、hackertarget、riddler 和 crt 枚举给定目标域的所有子域,然后使用 SecLists wordlist 中的 gobuster 进行活动子域枚举,然后使用 dnsx 过滤掉所有活动子域,然后提取使用 httpx 的子域标题并使用 subjack 扫描子域接管。然后它使用 gauplus 和 waybackurls 爬取给定子域的所有端点,然后使用 gf 模式过滤掉给定子域中的 xss、lfi、ssrf、sqli、开放重定向和 rce 参数,然后扫描子域上的漏洞使用不同的开源工具(如 kxss、dalfox、openredirex、nuclei 等)。然后它会打印出扫描结果并将所有输出保存在指定目录中。

特征

用法

g!2m0:~ webcopilot -h
             
                                ──────▄▀▄─────▄▀▄
                                ─────▄█░░▀▀▀▀▀░░█▄
                                ─▄▄──█░░░░░░░░░░░█──▄▄
                                █▄▄█─█░░▀░░┬░░▀░░█─█▄▄█
 ██╗░░░░░░░██╗███████╗██████╗░░█████╗░░█████╗░██████╗░██╗██╗░░░░░░█████╗░████████╗
░██║░░██╗░░██║██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔══██╗██║██║░░░░░██╔══██╗╚══██╔══╝
░╚██╗████╗██╔╝█████╗░░██████╦╝██║░░╚═╝██║░░██║██████╔╝██║██║░░░░░██║░░██║░░░██║░░░
░░████╔═████║░██╔══╝░░██╔══██╗██║░░██╗██║░░██║██╔═══╝░██║██║░░░░░██║░░██║░░░██║░░░
░░╚██╔╝░╚██╔╝░███████╗██████╦╝╚█████╔╝╚█████╔╝██║░░░░░██║███████╗╚█████╔╝░░░██║░░░
░░░╚═╝░░░╚═╝░░╚══════╝╚═════╝░░╚════╝░░╚════╝░╚═╝░░░░░╚═╝╚══════╝░╚════╝░░░░╚═╝░░░
                                                      [●] @h4r5h1t.hrs | G!2m0

Usage:
webcopilot -d <target>
webcopilot -d <target> -s
webcopilot [-d target] [-o output destination] [-t threads] [-b blind server URL] [-x exclude domains]

Flags:  
  -d        Add your target [Requried]
  -o        To save outputs in folder [Default: domain.com]
  -t        Number of threads [Default: 100]
  -b        Add your server for BXSS [Default: False]
  -x        Exclude out of scope domains [Default: False]
  -s        Run only Subdomain Enumeration [Default: False]
  -h        Show this help message

Example: webcopilot  -d domain.com -o domain -t 333 -x exclude.txt -b testServer.xss
Use https://xsshunter.com/ or https://interact.projectdiscovery.io/ to get your server

安装 WebCopilot

WebCopilot 需要git才能成功安装。以root身份运行以下命令来安装 webcopilot

git clone https://github.com/h4r5h1t/webcopilot && cd webcopilot/ && chmod +x webcopilot install.sh && mv webcopilot /usr/bin/ && ./install.sh

使用的工具:

SubFinder · Sublist3r · Findomain · gf · OpenRedireX · dnsx · sqlmap · gobuster · assetfinder · httpx · kxss · qsreplace · Nuclei · dalfox · anew · jq · aquatone · urldedupe · Amass · gauplus · waybackurls · crlfuzz

运行 WebCopilot

要在目标上运行该工具,只需使用以下命令。

g!2m0:~ webcopilot -d bugcrowd.com

-o命令可用于指定输出目录。

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd

-s命令只能用于子域枚举(主动+被动,还可以获取标题和屏幕截图)。

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -s 

-t命令可用于向扫描添加线程以获得更快的结果。

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -t 333 

-b命令可用于盲xss(OOB),您可以从xsshunter获取您的服务器或交互

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -t 333 -b testServer.xss

-x命令可用于排除超出范围的域。

g!2m0:~ echo out.bugcrowd.com > excludeDomain.txt
g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -t 333 -x excludeDomain.txt -b testServer.xss

例子

默认选项如下所示:

g!2m0:~ webcopilot -d bugcrowd.com - bugcrowd
                                ──────▄▀▄─────▄▀▄
                                ─────▄█░░▀▀▀▀▀░░█▄
                                ─▄▄──█░░░░░░░░░░░█──▄▄
                                █▄▄█─█░░▀░░┬░░▀░░█─█▄▄█
 ██╗░░░░░░░██╗███████╗██████╗░░█████╗░░█████╗░██████╗░██╗██╗░░░░░░█████╗░████████╗
░██║░░██╗░░██║██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔══██╗██║██║░░░░░██╔══██╗╚══██╔══╝
░╚██╗████╗██╔╝█████╗░░██████╦╝██║░░╚═╝██║░░██║██████╔╝██║██║░░░░░██║░░██║░░░██║░░░
░░████╔═████║░██╔══╝░░██╔══██╗██║░░██╗██║░░██║██╔═══╝░██║██║░░░░░██║░░██║░░░██║░░░
░░╚██╔╝░╚██╔╝░███████╗██████╦╝╚█████╔╝╚█████╔╝██║░░░░░██║███████╗╚█████╔╝░░░██║░░░
░░░╚═╝░░░╚═╝░░╚══════╝╚═════╝░░╚════╝░░╚════╝░╚═╝░░░░░╚═╝╚══════╝░╚════╝░░░░╚═╝░░░
                                                      [●] @h4r5h1t.hrs | G!2m0


[❌] Warning: Use with caution. You are responsible for your own actions.
[❌] Developers assume no liability and are not responsible for any misuse or damage cause by this tool.


Target:  bugcrowd.com
Output:  /home/gizmo/targets/bugcrowd
Threads: 100
Server:  False
Exclude: False
Mode:    Running all Enumeration
Time:    30-08-2021 15:10:00

[!] Please wait while scanning...

[●] Subdomain Scanning is in progress: Scanning subdomains of bugcrowd.com
[●] Subdomain Scanned  -  [assetfinder✔]                 Subdomain Found: 34
[●] Subdomain Scanned  -  [sublist3r✔]                   Subdomain Found: 29
[●] Subdomain Scanned  -  [subfinder✔]                   Subdomain Found: 54
[●] Subdomain Scanned  -  [amass✔]                       Subdomain Found: 43
[●] Subdomain Scanned  -  [findomain✔]                   Subdomain Found: 27

[●] Active Subdomain Scanning is in progress:
[!] Please be patient. This may take a while...
[●] Active Subdomain Scanned  -  [gobuster✔]             Subdomain Found: 11
[●] Active Subdomain Scanned  -  [amass✔]                Subdomain Found: 0

[●] Subdomain Scanning: Filtering out of scope subdomains
[●] Subdomain Scanning: Filtering Alive subdomains
[●] Subdomain Scanning: Getting titles of valid subdomains
[●] Visual inspection of Subdomains is completed.        Check: /subdomains/aquatone/

[●] Scanning Completed for Subdomains of bugcrowd.com    Total: 43 | Alive: 30

[●] Endpoints Scanning Completed for Subdomains of bugcrowd.com  Total: 11032
[●] Vulnerabilities Scanning is in progress: Getting all vulnerabilities of bugcrowd.com
[●] Vulnerabilities Scanned  -  [XSS✔]                   Found: 0
[●] Vulnerabilities Scanned  -  [SQLi✔]                  Found: 0
[●] Vulnerabilities Scanned  -  [LFI✔]                   Found: 0
[●] Vulnerabilities Scanned  -  [CRLF✔]                  Found: 0
[●] Vulnerabilities Scanned  -  [SSRF✔]                  Found: 0
[●] Vulnerabilities Scanned  -  [Sensitive Data✔]        Found: 0
[●] Vulnerabilities Scanned  -  [Open redirect✔]         Found: 0
[●] Vulnerabilities Scanned  -  [Subdomain Takeover✔]    Found: 0
[●] Vulnerabilities Scanned  -  [Nuclie✔]                Found: 0
[●] Vulnerabilities Scanning Completed for Subdomains of bugcrowd.com    Check: /vulnerabilities/


▒█▀▀█ █▀▀ █▀▀ █░░█ █░░ ▀▀█▀▀
▒█▄▄▀ █▀▀ ▀▀█ █░░█ █░░ ░░█░░
▒█░▒█ ▀▀▀ ▀▀▀ ░▀▀▀ ▀▀▀ ░░▀░░

[+] Subdomains of bugcrowd.com
[+] Subdomains Found: 0
[+] Subdomains Alive: 0
[+] Endpoints: 11032
[+] XSS: 0
[+] SQLi: 0
[+] Open Redirect: 0
[+] SSRF: 0
[+] CRLF: 0
[+] LFI: 0
[+] Sensitive Data: 0
[+] Subdomain Takeover: 0
[+] Nuclei: 0

项目地址

WebCopilot:【GitHub

© 版权声明
THE END
喜欢就支持一下吧
点赞1399赞赏 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容